Are you or have you been participating in the government’s meaningful use incentive program? As of December 2013, the Centers of Medicare and Medicaid Services (CMS) have made payments well over $19 billion in meaningful use incentive payments. If you have participated in meaningful use, you should be preparing to be audited. The CMS and Figliozzi and Co., the Garden City, New York, accounting firm contracted to facilitate the Medicare Meaningful Use auditing program, have not reported the number of audits that have been conducted. But many close to the auditing process say they have seen evidence of audits increasing in frequency in recent months—and that some physicians are not prepared when the auditors come calling.
David Zetter, founder of Zetter HealthCare, a Mechanicsburg, Pennsylvania-based healthcare consulting firm, and a member of the National Society of Certified Healthcare Business Consultants states that in his experience, some physicians just “aren’t doing what they attested to do.” Many small practices leave the legwork of meaningful use to practice managers. Zetter says while it is good to have some level of trust in the practice manager or whomever is in charge of the legwork, it’s always smart for physicians to verify for themselves that the work is being done and not simply assume. “If you don’t, that’s blind assumption. And you are taking a big chance and putting yourself at risk, as well as your entity, your corporation, whatever the case may be, and that’s not very smart nowadays,” Zetter says.
Attorney Clinton Mikel, JD, says he has also seen anecdotal evidence that audits are occurring more frequently. “From a policy perspective, it makes sense that [audits are] increasing because it is such a hot focus area and, frankly, it’s a way to recoup money,” says Mikel, who is a partner at the health law firm The Health Law Partners. Mikel also states, “It’s also important to respond right away after receiving an audit letter.” Getting the necessary documents in order can be a time-consuming process. Auditors generally allow 14 days to respond to an audit notice.
Failure to respond with the requested documentation could incur a penalty.
When you are notified by email that you are being audited, you will be asked to produce the following:
Proof that the EHR system used to meet meaningful use requirements is certified.
Documentation that quality measure, core, and menu objective data were accurate.
Proof that a security risk assessment was conducted and a corrective action plan has been drafted.
The critical documentation physicians need to have and produce is an auditable source for all data used for registering and attesting to meaningful use. This includes all the objectives, evidence of all yes or no.
The experts agree that the security risk assessment is one of the requirements that trip up many physicians. A risk analysis is something all physician practices should have had in place since 2005, when the Health Insurance Portability and Accountability Act (HIPAA) Security Rule went into effect. Yet it’s a concept many are still not familiar with, says Zetter. “I know some clients that we have followed up on after the fact come in stating they need assistance, and we find out they blatantly lied about it,” he says, adding that the client attested to having had done a risk assessment only to later admit they didn’t know what it was. The Security Rule has many required standards, the risk assessment is just one of 18 implementation specifications.
Neglecting to perform regular risk assessment can place physicians at risk of having to pay back incentive money they have received, being penalized by the U.S. Department of Health and Human Service’s Office for Civil Rights for not being in compliance with HIPAA and for making a False Claim.
Auditing 101- document, document and document more……
JAL Consulting & Associates has tackled all the elements of this compliance jigsaw puzzle, successfully assisting covered entities to make sense of it all and implement the correct policies and procedures that are reasonable and appropriate for their entity. In addition to this monthly newsletter, Judith has authored a comprehensive and customizable compliance manual complete with the appropriate procedures, policies, staff training and testing. Judith is currently writing Volume II of her HIPAA series: A Professional’s Guide to Understanding HIPAA.
Personal Information Collected Online
•Personal Information means personally identifiable information such as information provided via forms, surveys, applications or other online fields including name, postal or email addresses, telephone, fax or mobile numbers, or account numbers.
•Before or at the time of collecting personal information, JAL will identify the purposes for which the information is being collected.
•JAL will collect and use personal information solely for the purpose of fulfilling specific contracted engagements or for other compatible purposes, unless consent is obtained from the company and/or individual concerned or as required by law.
•JAL will retain personal information as long as necessary for the fulfillment of a specific contract or for a specific purpose.
•JAL will collect personal information as deemed lawful and where appropriate with the knowledge and/or the consent of the individual or company.
•Personal data should be relevant to the extent of necessary purposes and should be accurate, complete and up-to-date.
•JAL will protect personal information by reasonable safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
•JAL will make readily available to customer’s information about our policies and practices relating to the management of personal information. Terms and Conditions
JAL is committed to conducting our business in accordance with these principals in order to ensure that the confidentially of personal information is protected and maintained. By accessing this website, you are agreeing and bounded by these Website Terms and Conditions of Use, all applicable laws and regulations. If you do not agree with these Terms and Conditions, you are prohibited from using or accessing this website. The materials contained in this Web Site are protected by all applicable copyright and trade mark laws.
Our Online Notices are subject to change. Please review it periodically. If we make changes, we will revise the “Last Updated” date at the top of this Notice. Any changes will become effective the date the revised Notice is posted on the Site.